Chapter 4 Configuring SSL Termination
Configuring Virtual SSL Servers for an SSL Proxy List
Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 urlrewrite 1 www.acme*
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 urlrewrite 2 www.acme*
To view statistical information on SSL URL rewrite, see Chapter 7, Displaying
SSL Configuration Information and Statistics.
Specifying SSL Session Cache Timeout
In SSL, a new session ID is created every time the client and the CSS SSL module
go through a full key exchange and establish a new master secret key. Specifying
an SSL session cache timeout allows the SSL module to reuse the master key on
subsequent connections with the client, which can speed up the SSL negotiation
process. You can specify a timeout value to set the total amount of time an SSL
session ID remains valid before the SSL module requires the full SSL handshake
to establish a new SSL session.
The selection of an SSL session cache timeout value is important when using the
advanced-balance ssl load-balancing method for a Layer 5 content rule to help
fine-tune the SSL session ID that is used to stick the client to the server.
Use the ssl-server number session-cache seconds command to configure the SSL
module to resume a connection with a client using a previously established secret
key. Enter an SSL session cache timeout value in seconds, from 0 (SSL session ID
reuse disabled) to 72000 (20 hours). The default is 300 seconds (5 minutes). When
you disable this option (by entering a value of 0), the full SSL handshake occurs
for each new connection between the client and the SSL module.
Note: Cisco Systems does not recommend specifying a zero value for the ssl-server
number session-cache seconds command. A non-zero value ensures that the SSL
session ID is reused to improve CSS performance.
For example, to configure the reuse of an SSL session ID with a client using a
timeout value of 10 hours, enter:
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 session-cache 36000
To reset the SSL session reuse timeout to the default of 300 seconds, enter:
(config-ssl-proxy-list[ssl_list1])# no ssl-server 20 session-cache
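
The following Python script is an added example, not part of the Cisco guide: it reads ssl-proxy-list command lines and works out each virtual SSL server's effective session cache timeout from the default, the 0 to 72000 range and the no form described above. The review_above threshold, the function names and servers 21 to 23 in the sample are assumptions made for illustration.

```python
import re
DEFAULT_TIMEOUT = 300   # seconds; default stated in the guide
MAX_TIMEOUT = 72000     # seconds (20 hours); maximum stated in the guide
# "[no] ssl-server <number> [<rest>]", with or without a CLI prompt in front.
LINE = re.compile(r"(?:^|#\s*)(no\s+)?ssl-server\s+(\d+)(?:\s+(.*))?$")

def effective_timeouts(config_text):
    """Return {ssl-server number: session-cache seconds}, applying lines in order."""
    timeouts = {}
    for raw in config_text.splitlines():
        m = LINE.search(raw.strip())
        if not m:
            continue
        negated, server, rest = bool(m.group(1)), int(m.group(2)), (m.group(3) or "").split()
        is_cache = rest[:1] == ["session-cache"]
        if negated:
            if is_cache:                      # "no ... session-cache" resets to default
                timeouts[server] = DEFAULT_TIMEOUT
            continue
        timeouts.setdefault(server, DEFAULT_TIMEOUT)   # no session-cache line: default
        if is_cache and len(rest) == 2 and rest[1].isdigit():
            timeouts[server] = int(rest[1])
    return timeouts

def audit(config_text, review_above=3600):
    """Classify each server; review_above is a hypothetical local policy limit."""
    report = {}
    for server, secs in sorted(effective_timeouts(config_text).items()):
        if secs == 0:
            report[server] = "reuse disabled: full handshake on every connection"
        elif secs > MAX_TIMEOUT:
            report[server] = "out of range: above 72000 seconds"
        elif secs > review_above:
            report[server] = "review: master key reusable for %d s" % secs
        else:
            report[server] = "ok"
    return report

# Constructed sample input; servers 21, 22 and 23 are made up for this example.
SAMPLE = """\
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 urlrewrite 1 www.acme*
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 session-cache 36000
(config-ssl-proxy-list[ssl_list1])# ssl-server 21 session-cache 0
(config-ssl-proxy-list[ssl_list1])# ssl-server 22 session-cache 600
(config-ssl-proxy-list[ssl_list1])# no ssl-server 22 session-cache
(config-ssl-proxy-list[ssl_list1])# ssl-server 23 urlrewrite 1 www.acme*
"""
if __name__ == "__main__": print(audit(SAMPLE))
```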